cve/2024/CVE-2024-11662.md

### [CVE-2024-11662](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11662)
![](https://img.shields.io/static/v1?label=Product&message=OpsManage&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.0.1%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=3.0.5%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Deserialization&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Input%20Validation&color=brightgreen)

### Description

A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Eine Schwachstelle wurde in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion deploy_host_vars der Datei /apps/api/views/deploy_api.py der Komponente API Endpoint. Mittels dem Manipulieren mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

### POC

#### Reference
- https://vuldb.com/?id.285983

#### Github
No PoCs found on GitHub currently.
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-11662](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-11662)`
			`![](https://img.shields.io/static/v1?label=Product&message=OpsManage&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.0.1%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.0.2%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.0.3%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.0.4%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=3.0.5%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Deserialization&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Input%20Validation&color=brightgreen)`

			`### Description`

			`A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.`
			`Eine Schwachstelle wurde in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5 ausgemacht. Sie wurde als kritisch eingestuft. Betroffen davon ist die Funktion deploy_host_vars der Datei /apps/api/views/deploy_api.py der Komponente API Endpoint. Mittels dem Manipulieren mit unbekannten Daten kann eine deserialization-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.`

			`### POC`

			`#### Reference`
			`- https://vuldb.com/?id.285983`

			`#### Github`
			`No PoCs found on GitHub currently.`